I am unable to pinpoint this error. I am trying to use an SSH key and unique user for this particular site. FS_METHOD direct is of course making files under the www-data user, which I don’t want (I don’t think). So I’m kinda stuck here. No matter which settings I change in the config file that’s the error I get (after fixing the public/private key mismatch error hah). And in the tutorial I didn’t see much talk about this error. Any help pointing me in the right direction would be much appreciated!
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Click below to sign up and get $200 of credit to try our products over 60 days!
For Apache, then, you may need to run ownership equal to user:apacheuser where apacheuser is the user that Apache is running as. On NGINX, you have a little more control as you can actually run PHP as a different user than you run NGINX as (i.e. the user you created), so PHP-FPM will run as intended without the need for work arounds.
With Apache, and without the ability to run PHP as a different user per instance (as you can with PHP-FPM), then you may be forced to use
define()and the plugins. That is, unless you run all files and dirs as the same user as apache is running as, which isn’t very secure as one user then has control over all files and directories associated with your accounts.
In such a case, should someone gain access to one, they could easily gain access to the rest.
From a security standpoint, each user should always have their own account.
What you’re talking about is changing the user that PHP-FPM runs as, and yes, you can and should do that. You’ll want to look in:
By default, there’s only a single file in that directory and that’s
www-dataas the default user. To setup a PHP-FPM instance for each user, you’d simply copy that file to a new one and change the configuration within it.
For example, let’s say we have user1, user2, user3. In the above directory, create:
by simply copying the existing
www.confto a new file. The command below creates the 3 new files we need for this example.
Now, you’d simply create directories for each user and then a new user account for each:
Now we need to edit our newly created PHP-FPM configuration files and change a few specific values before we restart PHP-FPM. The lines you want to look at changing are:
In the first, change
[www]to the username (i.e
[user1]…). You’ll then set the
groupto the same username. Finally, increase the port # by one (i.e.
The reason we need to increase the port is because we can’t have two users listening in on the same port. Yes, it’s really that simple :-).
Now, once all 3 configuration files have been modified, restart PHP-FPM.
Now, the biggest change is going to be how I setup NGINX in the guide I provided you with. If you look in this file:
You’ll see where I defined the port that PHP-FPM connects on for that account. You’ll need to copy this file in to each server block instead of including it and then change the port. So what you’d end up with is a server block that looks like the below for each account instead of the slimmer one in that guide.
The only line in the PHP block that you need to change is
fastcgi_pass 127.0.0.1:9000;. All you’re doing here is making sure the ports match up.
Once you have your 3 server blocks, 3 PHP-FPM configuration files, and you’re set:
NOTE: You could simply copy that file to another 2 files to make 3 and just modify the include line. This would probably be better down the line to reduce clutter, but for show, I’ve simply pasted the contents in to the server block.
If you’ve created a new user:group and changed the ownership of all files and directories to the newly created user, then set all directories with a CHMOD 0755 and files with a CHMOD of 0644, you really shouldn’t need a more complex setup. When a user owns the files and directories, it should be able to access them as needed without the use of a plugin or SSH keys.
Running the following command will recursively change all directories to CHMOD 0755:
Then, we’ll handle files by setting the CHMOD to 0644
Using plugins and setting SSH keys for SFTP uploads seems to be overkill and the above is a far more simple solution that I’ve used in the past without any issues.